mridulm commented on code in PR #2469:
URL: https://github.com/apache/celeborn/pull/2469#discussion_r1573316387
##########
common/src/main/java/org/apache/celeborn/common/network/ssl/SSLFactory.java:
##########
@@ -85,6 +96,28 @@ private void initJdkSslContext(final Builder b) throws
IOException, GeneralSecur
this.jdkSslContext = createSSLContext(requestedProtocol, keyManagers,
trustManagers);
}
+ /*
+ * As b.trustStore is null, credulousTrustStoreManagers will be used - and
so all
+ * certs will be accepted - and hence self-signed cert from lifecycle
manager will
+ * be accepted at executors: nothing else needs to be done to enable its
+ * use - other than generation of the certificate itself, which is what gets
done here.
+ */
+ private void configureAutoSsl(Builder b) {
+ // The keystore creation ideally be done only at Lifecycle manager, and
not in executors
+ // It does not cause issues to run it at executors, though it is not
necessary.
+ // How can be identify this scenario and ensure this is not invoked at
executors ?
Review Comment:
Oh wait, maybe I misunderstood the idea.
Is the proposal to:
* Use `RPC_LIFECYCLEMANAGER_MODULE` and `RPC_CLIENT_MODULE` internally to
differentiate.
* Have both of inherit from `RPC_CLIENT_MODULE` - and users configure for
`RPC_CLIENT_MODULE`, not at the internal module level.
This way we have the ability to differentiate internally, without exposing
this detail to users ?
I will prototype assuming this is the idea - but appears to be fine to me;
will update.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
